| |
Debian: DSA-3959-1: libgcrypt20 security update (Aug 29) |
| |
Daniel Genkin, Luke Valenta and Yuval Yarom discovered that Libgcrypt is prone to a local side-channel attack against the ECDH encryption with Curve25519, allowing recovery of the private key.
|
| |
Debian: DSA-3958-1: fontforge security update (Aug 29) |
| |
It was discovered that FontForge, a font editor, did not correctly validate its input. An attacker could use this flaw by tricking a user into opening a maliciously crafted OpenType font file, thus causing a denial-of-service via application crash, or execution of arbitrary
|
| |
Debian: DSA-3957-1: ffmpeg security update (Aug 28) |
| |
Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. These issues could lead to Denial-of-Service and, in some situation, the execution of arbitrary code.
|
| |
Debian: DSA-3956-1: connman security update (Aug 27) |
| |
Security consultants in NRI Secure Technologies discovered a stack overflow vulnerability in ConnMan, a network manager for embedded devices. An attacker with control of the DNS responses to the DNS proxy in ConnMan might crash the service and, in same cases, remotely execute
|
| |
Debian: DSA-3955-1: mariadb-10.1 security update (Aug 26) |
| |
Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.1.26. Please see the MariaDB 10.1 Release Notes for further details:
|
| |
Debian: DSA-3954-1: openjdk-7 security update (Aug 25) |
| |
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, incorrect authentication, the execution of arbitrary code, denial of service, information disclosure, use of insecure cryptography or
|
|
|
|
| |
Fedora 25: dnsdist Security Update (Sep 1) |
| |
Update to new upstream release 1.2.0 Security fix for CVE-2016-7069 and CVE-2017-7557
|
| |
Fedora 25: cacti Security Update (Sep 1) |
| |
- Update to 1.1.19 Release notes:
|
| |
Fedora 25: groovy18 Security Update (Sep 1) |
| |
Fix remote code execution vulnerability
|
| |
Fedora 25: kernel Security Update (Sep 1) |
| |
The 4.12.9 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 26: groovy18 Security Update (Aug 31) |
| |
Fix remote code execution vulnerability
|
| |
Fedora 26: mingw-libzip Security Update (Aug 31) |
| |
This update fixes CVE-2017-12858.
|
| |
Fedora 26: kernel Security Update (Aug 31) |
| |
The 4.12.9 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 26: cacti Security Update (Aug 31) |
| |
- Update to 1.1.19 Release notes:
|
| |
Fedora 26: dnsdist Security Update (Aug 31) |
| |
Update to new upstream release 1.2.0 Security fix for CVE-2016-7069 and CVE-2017-7557
|
| |
Fedora 25: taglib Security Update (Aug 31) |
| |
Fix for CVE-2017-12678
|
| |
Fedora 25: libsndfile Security Update (Aug 31) |
| |
fixes heap-based Buffer Overflow in psf_binheader_writef function (#1483140, CVE-2017-12562)
|
| |
Fedora 26: exim Security Update (Aug 31) |
| |
This is an update fixing multiple memory leaks and other problems.
|
| |
Fedora 25: java-1.8.0-openjdk-aarch32 Security Update (Aug 29) |
| |
8u141 security patches
|
| |
Fedora 25: postgresql Security Update (Aug 29) |
| |
rebase: update to 9.5.8, security fix for CVE-2017-7546 CVE-2017-7547 CVE-2017-7548 Per release notes: https://www.postgresql.org/docs/9.5/release-9-5-8.html
|
| |
Fedora 25: cvs Security Update (Aug 29) |
| |
This relase fixes CVE-2017-12836 vulerbaility (command injection via malicious SSH URL).
|
| |
Fedora 26: mercurial Security Update (Aug 29) |
| |
Security fix for CVE-2017-1000115, CVE-2017-1000116
|
| |
Fedora 26: cvs Security Update (Aug 29) |
| |
This relase fixes CVE-2017-12836 vulerbaility (command injection via malicious SSH URL).
|
| |
Fedora 26: java-1.8.0-openjdk-aarch32 Security Update (Aug 29) |
| |
8u141 security patches
|
| |
Fedora 26: krb5 Security Update (Aug 28) |
| |
- Fix bypass of certauth module with malicious EKU cert missing a SAN. Security related; see [upstream bug](https://github.com/krb5/krb5/pull/694) for more information. - Add kdcpolicy interface.
|
| |
Fedora 26: augeas Security Update (Aug 26) |
| |
New upstream version 1.8.1. Fixes CVE-2017-7555 (RHBZ#1482340).
|
| |
Fedora 26: libsndfile Security Update (Aug 26) |
| |
fixes heap-based Buffer Overflow in psf_binheader_writef function (#1483140, CVE-2017-12562)
|
| |
Fedora 26: xen Security Update (Aug 26) |
| |
full fix for XSA-226, replacing workaround drop conflict of xendomain and libvirtd as can cause problems (#1398590) add-to-physmap error paths fail to release lock on ARM [XSA-235] (#1484476) Qemu: audio: host memory leakage via capture buffer [CVE-2017-8309] (#1446521) Qemu: input: host memory leakage via keyboard events [CVE-2017-8379] (#1446561)
|
| |
Fedora 26: thunderbird Security Update (Aug 26) |
| |
Update to latest upstream version
|
| |
Fedora 26: taglib Security Update (Aug 24) |
| |
Fix for CVE-2017-12678
|
| |
Fedora 26: kernel Security Update (Aug 24) |
| |
The 4.12.8 stable kernel update contains a number of important fixes across the tree.
|
| |
Fedora 25: nginx Security Update (Aug 24) |
| |
This update includes nginx 1.12.1, fixing CVE-2017-7529, and adds the http_auth_request module. See https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html for more information on CVE-2017-7529.
|
|
|
|
| |
Gentoo: GLSA-201708-10: jbig2dec: User-assisted execution of arbitrary code (Aug 26) |
| |
Multiple integer overflow flaws have been discovered in jbig2dec, possibly resulting in execution of arbitrary code or Denial of Service.
|
| |
Gentoo: GLSA-201708-09: AutoTrace: Multiple vulnerabilities (Aug 26) |
| |
Multiple vulnerabilities have been found in AutoTrace, the worst of which could cause a Denial of Service condition.
|
|
|
|
| |
SuSE: 2017:2327-1: important: xen (Sep 1) |
| |
An update that solves 6 vulnerabilities and has 5 fixes is An update that solves 6 vulnerabilities and has 5 fixes is An update that solves 6 vulnerabilities and has 5 fixes is now available. now available.
|
| |
SuSE: 2017:2326-1: important: xen (Sep 1) |
| |
An update that solves 7 vulnerabilities and has four fixes An update that solves 7 vulnerabilities and has four fixes An update that solves 7 vulnerabilities and has four fixes is now available. is now available.
|
| |
SuSE: 2017:2320-1: important: git (Sep 1) |
| |
An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available. An update that fixes one vulnerability is now available.
|
| |
SuSE: 2017:2319-1: important: xen (Sep 1) |
| |
An update that solves 6 vulnerabilities and has two fixes An update that solves 6 vulnerabilities and has two fixes An update that solves 6 vulnerabilities and has two fixes is now available. is now available.
|
| |
openSUSE: 2017:2311-1: important: samba and resource-agents (Aug 31) |
| |
An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is An update that solves one vulnerability and has 6 fixes is now available. now available.
|
| |
openSUSE: 2017:2306-1: important: postgresql93 (Aug 31) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
| |
SuSE: 2017:2303-1: important: php7 (Aug 30) |
| |
An update that solves 9 vulnerabilities and has two fixes An update that solves 9 vulnerabilities and has two fixes An update that solves 9 vulnerabilities and has two fixes is now available. is now available.
|
| |
SuSE: 2017:2302-1: important: MozillaFirefox (Aug 30) |
| |
An update that fixes 16 vulnerabilities is now available. An update that fixes 16 vulnerabilities is now available. An update that fixes 16 vulnerabilities is now available.
|
| |
SuSE: 2017:2294-1: important: quagga (Aug 29) |
| |
An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one An update that solves two vulnerabilities and has one errata is now available. errata is now available.
|
| |
openSUSE: 2017:2289-1: important: exim (Aug 29) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
| |
SuSE: 2017:2281-1: important: java-1_7_1-ibm (Aug 29) |
| |
An update that fixes 20 vulnerabilities is now available. An update that fixes 20 vulnerabilities is now available. An update that fixes 20 vulnerabilities is now available.
|
| |
SuSE: 2017:2280-1: important: java-1_7_1-ibm (Aug 29) |
| |
An update that fixes 20 vulnerabilities is now available. An update that fixes 20 vulnerabilities is now available. An update that fixes 20 vulnerabilities is now available.
|
| |
openSUSE: 2017:2271-1: important: ImageMagick (Aug 28) |
| |
An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available. An update that fixes four vulnerabilities is now available.
|
| |
openSUSE: 2017:2270-1: important: freeradius-server (Aug 28) |
| |
An update that fixes 7 vulnerabilities is now available. An update that fixes 7 vulnerabilities is now available. An update that fixes 7 vulnerabilities is now available.
|
| |
SuSE: 2017:2263-1: important: java-1_8_0-ibm (Aug 25) |
| |
An update that fixes 21 vulnerabilities is now available. An update that fixes 21 vulnerabilities is now available. An update that fixes 21 vulnerabilities is now available.
|
| |
SuSE: 2017:2264-1: important: libzypp (Aug 25) |
| |
An update that solves three vulnerabilities and has 5 fixes An update that solves three vulnerabilities and has 5 fixes An update that solves three vulnerabilities and has 5 fixes is now available. is now available.
|
| |
SuSE: 2017:2258-1: important: postgresql94 (Aug 25) |
| |
An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available. An update that fixes three vulnerabilities is now available.
|
|
|
|
| |
Ubuntu 0029-1: Linux kernel vulnerability (Aug 30) |
| |
Several security issues were fixed in the kernel.
|
| |
Ubuntu 3406-2: Linux kernel (Trusty HWE) vulnerabilities (Aug 29) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3406-1: Linux kernel vulnerabilities (Aug 28) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3405-1: Linux kernel vulnerabilities (Aug 28) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3404-2: Linux kernel (HWE) vulnerability (Aug 28) |
| |
The system could be made to crash under certain conditions.
|
| |
Ubuntu 3405-2: Linux kernel (Xenial HWE) vulnerabilities (Aug 28) |
| |
Several security issues were fixed in the Linux kernel.
|
| |
Ubuntu 3404-1: Linux kernel vulnerability (Aug 28) |
| |
The system could be made to crash under certain conditions.
|
| |
Ubuntu 3403-1: Ghostscript vulnerabilities (Aug 28) |
| |
Several security issues were fixed in Ghostscript.
|
| |
Ubuntu 3199-3: Python Crypto vulnerability (Aug 28) |
| |
Programs using the Python Cryptography Toolkit could be made to crash or run programs if they receive specially crafted network traffic or other input.
|
|
|
|
| |
Debian LTS: DLA-1083-1: openexr security update (Sep 1) |
| |
Brandon Perry discovered that openexr, a high dynamic-range (HDR) image library, was affected by an integer overflow vulnerability and missing boundary checks that would allow a remote attacker to cause a denial of service (application crash) via specially crafted image files.
|
| |
Debian LTS: DLA-1082-1: graphicsmagick security update (Aug 31) |
| |
CVE-2017-13776 CVE-2017-13777 denial of service issue in ReadXBMImage()
|
| |
Debian LTS: DLA-1079-1: libdbd-mysql-perl security update (Aug 31) |
| |
The Perl library for communicating with MySQL database, used in the "mysql" commandline client is vulnerable to a man in the middle attack in SSL configurations and remote crash when connecting to hostile servers.
|
| |
Debian LTS: DLA-1072-1: mercurial security update (Aug 31) |
| |
Two significant vulnerabilities were found in the Mercurial version control system which could lead to shell injection attacks and out-of-tree file overwrite.
|
| |
Debian LTS: DLA-1081-1: imagemagick security update (Aug 31) |
| |
This updates fixes numerous vulnerabilities in imagemagick: Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service, memory disclosure or the
|
| |
Debian LTS: DLA-1080-1: gnupg security update (Aug 31) |
| |
Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and Yuval Yarom discovered that gnupg is prone to a local side-channel attack allowing full key recovery for RSA-1024.
|
| |
Debian LTS: DLA-1077-1: faad2 security update (Aug 30) |
| |
Various security issues were discovered in faad2, a fast audio decoder, that would allow remote attackers to cause a denial of service (application crash due to memory failures or large CPU consumption) via a crafted mp4 file.
|
| |
Debian LTS: DLA-1078-1: connman security update (Aug 30) |
| |
In connman, stack-based buffer overflow in "dnsproxy.c" allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted response query string passed to the "name" variable.
|
| |
Debian LTS: DLA-1076-1: php5 security update (Aug 30) |
| |
The finish_nested_data function in ext/standard/var_unserializer.re in PHP is prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue can have an unspecified impact on the integrity of PHP.
|
| |
Debian LTS: DLA-1074-1: poppler security update (Aug 29) |
| |
Several buffer and integer overflow issues were discovered in Poppler, a PDF library, that could lead to application crash or possibly other unspecified impact via maliciously crafted files.
|
| |
Debian LTS: DLA-1075-1: wordpress security update (Aug 29) |
| |
In WordPress, there is insufficient redirect validation in the HTTP class, leading to SSRF. For Debian 7 "Wheezy", these problems have been fixed in version
|
| |
Debian LTS: DLA-1073-1: openjdk-7 security update (Aug 29) |
| |
Several vulnerabilities have been discovered in OpenJDK, an implementation of the Oracle Java platform, resulting in sandbox bypass, incorrect authentication, the execution of arbitrary code, denial of service, information disclosure, use of insecure cryptography or
|
| |
Debian LTS: DLA-1071-1: qemu-kvm security update (Aug 28) |
| |
Multiple vulnerabilities were discovered in qemu-kvm, a full virtualization solution for Linux hosts on x86 hardware with x86 guests based on the Quick Emulator(Qemu).
|
| |
Debian LTS: DLA-1070-1: qemu security update (Aug 28) |
| |
Multiple vulnerabilities were discovered in qemu, a fast processor emulator. The Common Vulnerabilities and Exposures project identifies the following problems:
|
| |
Debian LTS: DLA-1068-1: git security update (Aug 27) |
| |
Joern Schneeweisz discovered that git, a distributed revision control system, did not correctly handle maliciously constructed ssh:// URLs. This allowed an attacker to run an arbitrary shell command, for instance via git submodules.
|
| |
Debian LTS: DLA-1069-1: tenshi security update (Aug 27) |
| |
Tenshi creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command.
|
| |
Debian LTS: DLA-1067-1: augeas security update (Aug 26) |
| |
Augeas is vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
|
| |
Debian LTS: DLA-1065-1: fontforge security update (Aug 26) |
| |
FontForge is vulnerable to heap-based buffer over-read in several functions, resulting in DoS or code execution via a crafted otf file:
|
| |
Debian LTS: DLA-1066-1: php5 security update (Aug 26) |
| |
A stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string
|
| |
Debian LTS: DLA-1064-1: freeradius security update (Aug 25) |
| |
Guido Vranken discovered that FreeRADIUS, an open source implementation of RADIUS, the IETF protocol for AAA (Authorisation, Authentication, and Accounting), did not properly handle memory when processing packets.
|
|
|
|
| |
ArchLinux: 201708-18: thunderbird: multiple issues (Aug 24) |
| |
The package thunderbird before version 52.3.0-1 is vulnerable to multiple issues including arbitrary code execution, content spoofing, information disclosure, same-origin policy bypass and access restriction bypass.
|
| |
ArchLinux: 201708-17: salt: directory traversal (Aug 24) |
| |
The package salt before version 2017.7.1-1 is vulnerable to directory traversal.
|
|
|
|
| |
SciLinux: Moderate: openssh on SL6.x i386/x86_64 (Aug 31) |
| |
A covert timing channel flaw was found in the way OpenSSH handled authentication of non-existent users. A remote unauthenticated attacker could possibly use this flaw to determine valid user names by measuring the timing of server responses. (CVE-2016-6210) [More...]
|
| |
SciLinux: Moderate: poppler on SL6.x i386/x86_64 (Aug 30) |
| |
An integer overflow leading to heap-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9776) [More...]
|
| |
SciLinux: Moderate: poppler on SL7.x x86_64 (Aug 30) |
| |
A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use poppler (such as Evince) to crash, or potentially execute arbitrary code when opened. (CVE-2017-9775) [More...]
|
| |
SciLinux: Important: thunderbird on SL6.x, SL7.x i386/x86_64 (Aug 24) |
| |
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-7779, CVE-2017-7800, CVE-2017-7801, [More...]
|
